CVE-2026-21404
Analyzed Analyzed - Analysis Complete

Hard-Coded Credentials in NAVTOR NavBox

Vulnerability report for CVE-2026-21404, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-04

Last updated on: 2026-07-15

Assigner: ICS-CERT

Description

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-04
Last Modified
2026-07-15
Generated
2026-07-16
AI Q&A
2026-06-05
EPSS Evaluated
2026-07-15
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
navtor navbox_firmware to 4.16.1.20 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves hard-coded credentials within the SOAP implementation of NAVTOR NavBox if the SOAP functionality is enabled. Detection would focus on identifying if the SOAP interface is active and if unauthorized access attempts to privileged WCF methods occur.

Since exploitation requires local access and involves SOAP methods, detection could include monitoring for unusual local access to SOAP services or attempts to extract credentials from the SOAP interface.

Specific commands are not provided in the available resources.

Executive Summary

The vulnerability exists in NAVTOR NavBox versions up to 4.16.1.20, where hard-coded credentials are embedded within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract these credentials. Using the extracted credentials, the attacker can bypass the intended transfer workflow by authenticating against the SOAP interface.

Once authenticated, the attacker gains access to privileged WCF methods, which allows them to write or overwrite files within paths defined by the application.

Impact Analysis

This vulnerability can allow a local attacker to bypass security controls by extracting hard-coded credentials and gaining privileged access to the SOAP interface.

With this access, the attacker can write or overwrite files in application-defined locations, potentially leading to unauthorized modification of data or application behavior.

Mitigation Strategies

NAVTOR released a patch in April 2026 (version 4.17.2.6 or later) that automatically updates active NavBox connections. Applying this patch is the primary mitigation step.

For systems without active connections or where patching is not immediately possible, CISA recommends minimizing network exposure for control systems, isolating them behind firewalls, and using secure remote access methods such as VPNs.

Implementing cybersecurity best practices is also advised to reduce risk.

Compliance Impact

The provided information does not specify how CVE-2026-21404 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21404. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart